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ABSTRACT 



Systems and methods for dynamically creating new users 
having transparent computer access to a destination 
network, wherein the users otherwise have access to a home 
network through home network settings resident on the 
users' computers, and wherein the users can access the 
destination network without altering the home network 
settings. The system includes a gateway device for receiving 
a request from a user for access to the destination network, 
a user profile database comprising stored access information 
and in communication with the gateway device, and an 
Authentication, Authorization and Accounting (AAA) 
server in communication with the gateway device and user 
profile database. The AAA server determines if user is 
entitled to access the destination network based upon the 
access information stored within the user profile database, 
and wherein the AAA server redirects the user to a login 
page where the access information does not indicate the 
user's right to access the destination network. The systems 
and methods of the present invention can also redirect users 
having transparent computer access to a destination 
network, wherein the users otherwise have access to a home 
network through home network settings resident on the 
users' computers, and wherein the users can access the 
destination network without altering the home network 
settings. 

11 Claims, 1 Drawing Sheet 
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SYSTEMS AND METHODS FOR 497, 60/160,973, 60/161,189, 60/161,139, 60/160,890 and 

REDIRECTING USERS HAVING 60/161,182, a universal subscriber gateway device has been 

TRANSPARENT COMPUTER ACCESS TO A developed by Nomadix, Inc. of Westlake Village, Calif. The 

NETWORK USING A GATEWAY DEVICE contents of these applications are incorporated herein by 

HAVING REDIRECTION CAPABILITY 5 reference. The gateway device serves as an interface con- 
necting the user to a number of networks or other online 

CROSS-REFERENCE TO RELATED services. For example, the gateway device can serve as a 

APPLICATIONS gateway to the Internet, the enterprise network, or other 

The present application claim priority from U.S. Provi- ne ' works ™ d/or ^ ^ ices " *° t0 fj"*, as a 

sional Patent Application Ser. No. 60/111,497, filed Dec. 8, 10 ,he gateway device automatically adapts to a 

1988 tbe contents of which are incorporated by reference. °«W m order th , a ' * 7* aomBn ^ l , ™* the new 

r J network in a manner that is transparent both to the user and 

FIELD OF THE INVENTION the new network. Once the gateway device has appropriately 

Hie present invention relates generally to a gateway ada P ted t0 the ; computer, the computer can appropri- 

device and, more particularly, to a universal network gate- is ately communicate via the new network, such as the network 

way for redirecting to a portal page a computer transparently at » hotel > at home at an airport, or any other location, in 

accessing a service provider network. order J° access om « ^tworks, such as the enterprise 

network, or other online services, such as the Internet. 
BACKGROUND OF THE INVENTION ^ port able computer user, and more specifically the 
In order for a computer to function properly in a network 2 o remole or laptop user, benefits from being able to access a 
environment, the computer must be appropriately config- myriad of computer networks without having to undergo the 
ured. Among other things, this configuration process estab- time-consuming and all-too-often daunting task of reconfig- 
lishes the protocol and other parameters by which the uring their host computer in accordance with network spe- 
computer transmits and receives data. In one common cific configurations. In addition, no additional software need 
example, a plurality of computers are networked to create a 2 s he loaded onto the computer prior to connection to the other 
local area network (LAN). In the LAN, each computer must network. From another perspective, the network service 
be appropriately configured in order to exchange data over provider benefits from avoiding "on-site" visits and/or tech- 
the network. Since most networks are customized to meet a nical support calls from the user who is unable to properly 
unique set of requirements, computers that are part of re-configure the portable computer. In this fashion, the 
different networks are generally configured in different 30 gateway device is capable of providing more efficient net- 
manners in order to appropriately communicate with their work access and network maintenance to the user and the 
respective networks. network operator. 

While desktop computers generally remain a part of the Gateway devices are typically used to provide network 

same network for a substantial period of time, laptops, access to the remote portable computer user, such as users in 

handhelds, personal digital assistants (PDAs), cellphones or 35 hotels, airports and other location where the remote portable 

other portable computers (collectively "portable computer user may reside. Additionally, gateway devices 

computers") are specifically designed to be transportable. As have found wide-spread use in multi-resident dwellings as a 

such, portable computers are connected to different net- means of providing the residents an intranet that networks 

works at different times depending upon the location of the the residents, broadband Internet access and the capability to 

computer. In a common example in which the portable 40 adapt to the variances of the resident's individual enterprise 

computer serves as an employee's desktop computer, the network needs. With the advent of even smaller portable 

portable computer is configured to communicate with their computing devices, such as handhelds, PDAs, and the like, 

employer's network, i.e., the enterprise network. When the the locations where these users may reside become almost 

employee travels, however, the portable computer may be limitless. 

connected to different networks that communicate in differ- 45 Through gateway devices Internet Service Providers 
ent manners. In this regard, the employee may connect the (ISPs) or enterprise network (such as a LAN established by 
portable computer to the network maintained by an airport, an entity such as a hotel) providers can permit a wide variety 
a hotel, a cellular telephone network operator or any other of users simple and transparent access to their networks and 
locale in order to access the enterprise network, the Internet to other online services. To take advantage of transparent 
or some other on-line service. The portable computer is also 50 user access to their computer networks and online services 
commonly brought to the employee's residence where it is enterprise networks or ISPs should be able to redirect users 
used to access various networks, such as, the enterprise to portal pages that the enterprise or internet service pro- 
network, a home network, the Internet and the like. Since viders wish the user to access or view. For instance, where 
these other networks are configured somewhat differently, users are located at an airport, the enterprise network admin- 
however, the portable computer must also be reconfigured in 55 istrator may wish to direct users to a portal page containing 
order to properly communicate with these other networks. arrival and departure information, or to a portal page having 
Typically, this configuration is performed by the user each the user's itinerary thereon to provide the user an incentive 
time the portable computer is connected to a different to access the network. ISPs, for example, may wish users to 
network. As will be apparent, this repeated reconfiguration access the ISPs portal page for up to the date news and 
of the portable computer is not only quite time consuming, 60 weather, information regarding the user's Internet service, 
but is also prone to errors. The reconfiguration procedure and paid advertisements. 

may even be beyond the capabilities of many users or in Homepage redirection has been accomplished in the prior 
violation of their employer's IT policy. Importantly, special art. For example, America Online (AOL) users, upon access- 
software must also typically be loaded onto the user's ing the internet, are directed to an AOL homepage from 
computer to support reconfiguration. 6 5 which the users can select a variety of AOL services, and 
As described by U.S. patent application Ser. No. 08/816, which includes advertising from various companies. 
174 and U.S. Provisional Patent Application Nos. 60/111, Typically, direction of users to such a page benefits the ISP 
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because advertisers pay money to the ISP each time a user 
accesses the Internet, as subscribers are a captive audience 
to advertising. Advertisers pay for such advertising not only 
because of the captive audience, but because advertisers can 
tailor advertisements based upon the typical audience 5 
accessing the internet. Furthermore, AOL may market its 
services through its homepage, and its homepage may be 
attractive to potential subscribers. Directing users to a par- 
ticular, page may serve an additional function. Users may be : 
directed to a particular page, such as a login page, so that the 10 
user may enter login information to be authenticated and 
authorized access on the network. Furthermore, users may 
wish to establish their own specialized portal page, such as 
a page including favorite links, a page linking the user to the 
user's business, or a page including any other items relevant 15 
to the user. 

However, such redirection of users to homepages has 
been traditionally based upon software installed on a user's 
computer and/or configurations of user computers in com- 
munication with a home network. For example, where a 20 
user's computer is appropriately configured for access to a 
home network, the user's computer can be configured to 
access a particular homepage on that network. This can be 
the case, for example, in businesses where users computers 
are configured to access an intranet homepage or an internet 25 
page specific to that company and located on the internet. 

Therefore, a method and system would be desirable which 
enables a user transparent access to a computer network 
employing a gateway device where the computer network 
can provide access to users and direct the users to portal 30 
pages established by the user, network administrator or 
another entity, where the direction is preferably based upon 
attributes associated with a user, such as the user's location, 
identity, computer, or a combination thereof. Furthermore, 
such redirection should be able to redirect users to a login 35 
page when the user does not otherwise have access to online 
services or networks so that the user may login to be 
authenticated and authorized access on the network. 

SUMMARY OF THE INVENTION 40 

The present invention comprises a method and system for 
redirecting users to a portal page where users have trans- 
parent access to a computer network utilizing a gateway 
device. The method and system advantageously operates in 45 
a manner transparent to the user since the user need not 
reconfigure their computer and no additional software need 
be added to the computer for reconfiguration purposes. 

According to the invention, users accessing the gateway 
device are redirected to a portal page. Where stored user 50 
profiles permit the users access to the destination network, 
the users can be forwarded to the destination network or a 
portal page established by the network, user, or another 
entity. Otherwise, users are directed to a login page in which 
the users must input user information so that the users can 55 
obtain access to networks and online services. The redirec- 
tion function according to the present invention can be 
utilized to direct new or existing users to customized home- 
pages established by the gateway device or individual users. 

A method for dynamically creating new users having 60 
transparent computer access to a destination network is 
disclosed, wherein the users otherwise have access to a 
home network through home network settings resident on 
the users' computers, and wherein the users can access the 
destination network without altering the home network 65 
settings. The method includes receiving at a gateway device 
a request from a user for access to a destination network, 
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determining if the user is entitled access to the destination 
network based upon a user profile corresponding to the user 
and stored within a user profile database in communication 
with the gateway device, and redirecting the user to a login 
page when the user profile does not include rights to access 
the destination network. Furthermore, the method of the 
present invention can include the step of forwarding the user 
to the destination network when the user profile includes 
rights to access the destination network. The method can 
also include the step of automatically redirecting the user to 
a portal page following receipt of a request for access to the 
destination network prior to determining if the user is 
entitled access to the destination network 

According to one aspect of the invention, the method can 
include the step of establishing a login page on a webserver 
local to the gateway device prior to redirecting the user to 
the login page. The method can also include accepting user 
information at the login page which is thereafter utilized by 
the gateway device to authorize the user access to the 
destination network. The user profile database can be 
updated with the user information. 

According to another aspect of the invention, the user may 
be forwarded from the login page and returned to a portal 
page or directed to a destination address which can be an 
Internet destination address. Redirecting the user to a login 
page can include redirecting a browser located on the user's 
computer to the login page. Furthermore, redirecting the 
browser located on the user's computer can include receiv- 
ing a Hyper-Text Transfer Protocol (HTTP) request for the 
destination address and responding with an HTTP response 
corresponding to the login page. 

According to another embodiment of the invention, a 
system for dynamically creating new users having transpar- 
ent computer access to a destination network is disclosed, 
wherein the users otherwise have access to a home network 
through home network settings resident on the users' 
computers, and wherein the users can access the destination 
network without altering the home network settings. The 
system includes a gateway device for receiving a request 
from a user for access to the destination network, and a user 
profile database comprising stored access information and in 
communication with the gateway device. The system further 
includes an Authentication, Authorization and Accounting 
(AAA) server in communication with the gateway device 
and user profile database, where the AAA server determines 
if a user is entitled to access the destination network based 
upon the access information stored within the user profile 
database, and wherein the AAA server redirects the user to 
a login page where the access information does not indicate 
the user's right to access the destination network. The 
system can also direct the user to a portal page upon the 
user's access to the network, prior to determining the access 
rights of the user. 

According to one aspect of the invention, the login page 
is maintained local to the gateway device. The user profile 
database and AAA server can also be located within the 
gateway device. Furthermore, the user profile database can 
be located within the AAA server. 

According to another embodiment of the invention, the 
user profile database includes a plurality of user profiles, 
wherein each respective user profile of the plurality of user 
profiles contains access information. In addition, each 
respective user profile may contain historical data relating to 
the duration of destination network access for use in deter- 
mining the charges due for the destination network access. 

According to another embodiment of the invention, a 
method for redirecting users having transparent computer 
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access to a destination network is disclosed, wherein the which preferred embodiments of the invention are shown, 
users otherwise have access to a home network through This invention may, however, be embodied in many different 
home network settings resident on the users' computers, and forms and should not be construed as limited to the embodi- 
wherein the users can access the destination network without ments set forth herein; rather, these embodiments are pro- 
altering the home network settings. The method includes 5 vided so that this disclosure will be thorough and complete, 
receiving at a gateway device a request from a user for and will fully convey the scope of the invention to those 
access to a destination address, such as an Internet address, skllled in the art - Llke numbers refer to llke elements 
and redirecting the user to a portal page, wherein the user throughout. 

computer remains configured for accessing the home Referring now to FIG. 1, a computer system 10 including 
network, and wherein no additional configuration software 10 a gateway device 12 is depicted in block diagram form. The 
need be installed on the user's computer. Furthermore, computer system 10 typically includes a plurality of corn- 
redirecting the user to a portal page can comprise redirecting Peters 14 that access a computer network in order to gain 
the user to a portal page created by an administrator asso- access to networks 20 or other online services 22. For 
dated with the portal page, or redirecting the user to a portal example, the computers 14 can be plugged into ports that are 
page customized by the user is located in different rooms of a hotel, business, or a multi- 
According to another embodiment of the invention, a dwelUng unit. Alternatively the computers 14 can be 
system for redirecting users having transparent computer P lu S* ed "to potts in an airport, an arena or the like. The 
access to a destination network is disclosed, where the users device 12 P rovide f an interface between the plu- 
otherwise have access to a home network through home ^ of computers ^14 and the various networks 20 or other 
network settings resident on the users' computers, and *> online .services 22. One embodiment of a .gateway device :has 
whereintheuserscanaccessthedestinationnetworkwithout be^n descnl)eaM,y the aforemenUoned U.S. patent apphca- 
altering the home network settings. The system includes a 1100 ^ No * 08 / sl6 » 1 74. 

gateway device for receiving a request from a user for access Most commonly, the gateway device 12 is located near the 

to the destination network, and an AAA server in commu- computers 14 at a relatively low position in the overall 

nication with the gateway device, where the AAA server 25 network (i.e., the gateway device 12 will be located within 

intercepts the request from the user for access to the desti- tne hotel > multi-unit residence, airport, etc.). However, the 

nation network and redirects the user to a portal page, gateway device 12 can be located at a higher position in the 

wherein the user's computer remains configured for access- svslem b ? bem S located closer t0 the vanous networks 20 or 

ing the home network, and wherein no additional configu- other online services 22, if so desired. For example, the 

ration software need be installed on the user's computer. ™ gateway device 12 could be located at a network operating 

According to one aspect of the invention, the AAA server is center or could be located ^fore or after a router 18 in the 

located entirely within the gateway device. The portal page computer network. Although the gateway device 12 can be 

of the system can also be maintained on a server local to the physically embodied in many different fashions, the gateway 

gateway device device 12 typically includes a controller and a memory 

, * tll t « • . - 35 device in which software is stored that defines the opera- 

A unique advantage of the transparent redirection of users , , * • *• * a 

^ . & , . . . A c j * tional characteristics of the gateway device 12. 

to a portal page, and, in certain circumstances from the AU *• i .u . j • i-» u _u a a a 

^ i * i • • . c Alternatively, the gateway device 12 can be embedded 

portal page, to a login page where users subscribe for ... ./ *. i j • u 

r . , • ,i_ r ■ . . 4 t , within another network device, such as an access concen- 

network access is that a user can obtain access to networks , , 1f * n> w « *u ^ 

r. .i_ trator 16 or a router 18. Moreover, the software that defines 

or online services without installing any software onto the r.u * a • i-» u * a 

, ~ it _ & iL ' - .40 the functioning of the gateway device 12 can be stored on a 

user s computer. On the contrary, the entire process is n ^ M ^A j.l, l • j • . * r4 . 

, . , f * * *u 1 < .1 .* * * PCMCIA card that can be inserted into a computer of the 

completely transparent to the user. As such, the method and , - , . , 4 4 „ 

c lL . • c -A-l . * plurality of computers 14 in order to automatically recon- 
apparatus of the present invention facilitates transparent £ \ A • . j-ir * 
rr A , 4 . y , t . . r , figure the computer to communicate with a different corn- 
access to destination networks without requiring a user to * . r . 4 , * n , , . 

n iL . . . « i puter system, such as the networks 20 and onlme services 

reconfigure the home network settmgs resident on the user £2 

computer and without having to install reconfiguration soft- 45 ' ^ ^ 

ware The computer system 10 typically includes an access 

* , , . , , concentrator 16 positioned between the computers 14 and 

The method and system of the vanous embodiments ^ device n fof multiplexing the signals received 

faahtate transparent access to a destination network. from the luralit of computers onto a Uhk t0 the gateway 

According to one embodiment the method and system 5Q deyice u D ding upon the medium by whicb , he 

facilitate the addition of new subscribers to the network. computere 14 are connected to the access concentrator, the 

According to anoUier embodiment, all users can be redi- access u can 5e c^gu^ in different man . 

reeled to a portal page, which can include advertising, nefs For e , t|)e access eaooBalntat «,„ be a digital 

without requimg reconfiguration ofthe users' computers, or subscriber line access mu i tip , eX er (DSLAM) for signals 

new software to be added on the users computers. 5J transmitted via regular te , ephoile ii DeS) a cab i e head end for 

BRIEF DESCRIPTION OF THE DRAWINGS signals transmitted via coaxial cables, a wireless access 

point (WAP) for signals transmitted via a wireless network, 

FIG. 1 is a block diagram of a computer system that a cable modem termination shelf (CMTS), a switch or the 

includes a gateway device for automatically configuring one like. As also shown in FIG. 1, the computer system 10 

or more computers to communicate via the gateway device 60 typically includes one or more routers 18 and/or servers (not 

with other networks or other online services, according to shown in FIG. 1) to control or direct traffic to and from a 

one embodiment of the present invention. plurality of computer networks 20 or other online services 

DETAILED DESCRIPTION OF ONE 22 ' ^ th « com P ute ( r ***** » is de P ic,ed *> *™ • 

EMBODIMENT OF THE INVENTION „ Sm f ^ ' he C ?T " 3 T 11 ^ ,™ * P J 

65 routers, switches, badges, or the like that are arranged in 

The present invention now will be described more fully some hierarchical fashion in order to appropriately traffic to 

hereinafter with reference to the accompanying drawings, in and from the various networks 20 or online services 22. In 



04/19/2004, EAST Version: 1.4.1 



US 6,636,894 Bl 

7 8 

this regard, the gateway device 12 typically establishes a provided for a fee and may be customized based upon the 

link with one or more routers. The routers, in turn, establish user, user's location, or user's computer. As discussed 

links with the servers of other networks or other online below, the user's identification may be used to direct the user 

service providers, such as internet service providers, based to a specific portal page, which can be a particular webpage. 
upon the user's selection. It will be appreciated by one of 5 As such, the system of the present invention includes means 

ordinary skill in the art that one or more devices illustrated for identifying a user based upon an attribute associated with 

in FIG. 1 may be combinable. For example, although not the user that is contained within the packet transmitted from 

shown, the router 18 may be located entirely within the the user's computer. Attributes can include any data well 

gateway device 12. known in the art for identifying the user, the user's location, 

The gateway device 12 of the present invention is spe- 10 and/or the user's computer. In general, identifying a user's 

cifically designed to adapt to the configuration of each of the computer that accesses a network can be done by a media 

computers 14 that log onto the computer system 10 in a access control (MAC) associated with the computer. Iden- 

manner that is transparent to the user and the computer tifying a computer based upon a MAC address is well known 

networks 20 or online services 22. In the embodiment shown to those of skill in the art, and will not be discussed in detail 

• in FIG. 1, the computer system 10 employs dynamic host 15 herein. Additionally, the attribute can be based upon a user 

configuration protocol (DHCP) service, which is a protocol name, ID, or according to one advantageous embodiment 

well known to those of skill in the art and currently imple- described below, a particular location, such as from a 

mented in many computer networks. In DHCP networks an communications port in a hotel room. As such, the location 

IP address is assigned to an individual computer of the of the user can be the identifiable attribute, 

plurality of computers 14 when the computer logs onto the 20 According to one embodiment of the present invention, 

computer network through communication with the gateway after a user accesses the computer network using a computer 

device 12. The DHCP service can be provided by an external in communication with the gateway device 12, as described 

DHCP server 24 or it can be provided by an internal DHCP above, the user is directed to a portal page. The portal page 

server located within the gateway device. may be maintained by an ISP or an enterprise network, or by 

In order to allow a user of the computer to communicate 2 s anv entrv maintaining a webpage on the Internet. According 

transparently with computer networks 20 or online services to one aspect of the invention, the portal page can be a 

22, the gateway device must be able to communicate with webpage containing any information whatsoever, and can be 

the user computer, as well as the various online services 22 created by the ISP, enterprise network administrator or user, 

or networks 20. In order to support this communication, the The portal page can contain information specific to the user 

gateway device 12 generally performs a packet translation 30 accessing the network, as discussed in detail below, 

function that is transparent to both the user and the network. Regardless of whether a user accessing the computer 

In this regard, for outbound traffic from a computer to a network is authorized access to the network, the user is 

network or on-line service, the gateway device 12 changes redirected to a portal page. After being redirected to a portal 

attributes within the packet coming from the user, such as page, the gateway device of the present invention deter- 

the source address, checksum, and application specific 35 mines the authorization and access rights of the user based 

parameters, to meet the criteria of the network to which the upon an Authentication, Authorization and Accounting 

user has accessed. In addition, the outgoing packet includes method, as described in U.S. patent application Ser. No. 

an attribute that will direct all incoming packets from the 09/458602 entitled "Systems And Methods For Authorizing, 

accessed network to be routed through the gateway device. Authenticating And Accounting Users Having Transparent 

In contrast, the inbound traffic from the computer network or 40 Computer Access To A Network Using A Gateway Device" 

other online service that is routed through the gateway filed concurrently with this application and incorporated by 

device undergoes a translation function at the gateway reference. 

device so that the packets are properly formatted for the According to one aspect of the invention, a user may be 
user's host computer. In this manner, the packet translation identified and authorized access to the network or online 
process that takes place at the gateway device 12 is trans- 45 services based upon attributes associated with the user, such 
parent to the host, which appears to send and receive data as t h e user's location or the user's computer. When this 
directly from the accessed computer network. By imple- occurs, the user can be forwarded to a portal page unique to 
menting the gateway device as an interface between the user mat user. As described below, and in the U.S. patent appli- 
and the computer network or other online service, however, cat i 0 n incorporated by reference immediately above, the 
the user will eliminate the need to re-configure their com- 50 user may be identified without being queried to input any 
puter 12 upon accessing subsequent networks as well as the identification information so that upon accessing the corn- 
need to load special configuration software on their com- put er network the user is automatically directed to a generic 
puter to support the reconfiguration. porta i page or a portal page established specifically for and 

Communication between users and networks or online unique to that user. According to another aspect of the 

services may be effectuated through ports, for example, 55 invention, a user may be identified and authorized access 

located within hotel rooms or multi-dwelling units, or based upon the user's identity after being redirected to the 

through conventional dial-up communications, such as portal page. The user may have to enter a login name and 

through the use of telephone or cable modems. According to password while at the portal page or after being directed to 

one aspect of the invention, users can be are redirected to a a login page so that the ISP or other entity maintaining the 

portal page, as described below. After being redirected to the 60 gateway device can identify the user. After entering identi- 

portal page, the user is subjected to a AAA process. Based fying data, the user may be directed to a particular portal 

upon the AAA process, the user may be permitted transpar- page, as in the first aspect described above. According to a 

ent access to the destination network or may be redirected to third aspect of the invention, the user is not authorized 

a login page in order to gather additional information to access to the network. Where this occurs the user will be 

identify the user. 65 directed from the portal page to a login page where the user 

Identifying the user is crucial in authorizing access to will have to input identification information, such as the 

networks or online services, as such services are typically user's name, address, credit card number, and other relevant 
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data so that the user may be authorized to access the rate for their service. For example, a user may elect to 

network. After the user enters sufficient login data to estab- increase the transfer rate at which signals are transmitted 

lish authorization, the user may be redirected to a portal across the computer network and pay a correspondingly 

page. higher price for the expedited service. 

The redirection is accomplished by a Home Page Redirect 5 The portal page may include advertising tailored to the 

(HPR) performed by the gateway device, a AAA server, or specific needs of the user. The gateway device would be 

by a portal page redirect unit located internal to or external capable of tailoring the material based upon user profiles in 

to the gateway device. To accomplish the redirection of a the network. The portal page may also incorporate surveys 

user to a portal page, HPR utilizes a Stack Address Trans- or links to surveys to provide the network provider with 

lation (SAT) operation to direct the user to the portal page, 10 beneficial statistical data. As an ancillary benefit, the user 

which is preferably local to the gateway device so that the who responds to the surveys may be rewarded with network 

redirection will be efficient and fast. This is accomplished by access credit or upgraded quality. Additionally, the service 

redirecting the user to a protocol stack using network and provided could offer additional services to the user by way 

port address translation to the portal server that can be of the portal page or links to these services may be offered 

internal to the computer network or gateway device. More 15 on the portal page. These services offered by the network 

specifically, the gateway device, AAA server or portal page service provider are not limited to the services related to the 

redirect unit receives the user's HTTP request for a web page network connection. For example, a hotel may desire to offer 

and sends back the HTTP response reversing the network the user in -room food service or a multi-unit dwelling may 

and port address translation the portal server, essentially want to offer house cleaning service, 

acting as a transparent 'go-between* to the user and portal 2 o Th e portal page may also comprise information related to 

server. It will be appreciated, however, that to receive the the status of the current network session. By way of example 

HTTP request the gateway device, AAA server or portal this information may include, current billing structure data, 

page redirect unit must initially open a Transmission Control the category /level of service that the user has chosen, the 

Protocol (TCP) connection to a server in line with the bandwidth being provided to the user, the bytes of informa- 

user-requested internet address. 2 5 uon currently sent or received, the current status of network 

According to one aspect of the present invention, when a connection(s) and the duration of the existing network 
user initially attempts to access a destination location, the connection(s). It is to be understood, by those skilled in the 
gateway device, AAA server or portal page redirect unit art to which this invention relates that all conceivable useful 
receives this request and routes the traffic to a protocol stack information relating to the current network session could be 
on a temporary server, which can be local to the gateway 30 displayed to the user in a multitude of combinations as 
device. This can occur where a user initially opens a web defined by the user and/or the gateway administrator. The 
browser resident on the user's computer and attempts to gateway administrator will have the capability to dynami- 
access a destination address, such as an Internet site. The cally change the information supplied in the portal page 
destination address can also include any address accessible based on many factors, including the location of the user, the 
via the network or an online service, and can include the 35 profile of the user and the chosen billing scheme and service 
portal page. The protocol stack can pretend to be the level. The information provided in the portal page may 
user-entered destination location long enough to complete a prompt the user to adjust any number of specific parameters, 
connection or 'handshake'. Thereafter, this protocol stack such as the billing scheme, the routing, the level of service 
directs the user to the portal server, which can be local to the and/or other user-related parameters, 
gateway device to facilitate higher speed communication. 40 The portal page may be implemented with an object- 
The redirection to the portal server can be accomplished by oriented programming language such as Java developed by 
redirecting web pages only, rather than all traffic, including Sun Microsystems, Incorporated of Mountain View, Calif. 
E-mails, FTPs, or any other traffic. Therefore, once The code that defines the portal page can be embodied 
authorized, if a user does not attempt to access a webpage within the gateway device, while the display monitor and the 
through the user's internet browser, the gateway device can 45 driver are located with the host computers that are in 
forward the communication transparently to the user's communication with the gateway device. The object ori- 
requested destination without requiring the user to access the ented programming language that is used should be capable 
portal page. Furthermore, according to one aspect of the of creating executable content (i.e. self- running 
invention specific user-input destination addresses may be applications) that can be easily distributed through network- 
authorized to pass through the gateway device without being 50 ing environments. The object oriented programming lan- 
redirected. guage should be capable of creating special programs, 

The portal page can also be specialized based on the user, typically referred to as applets that can be incorporated in 

user's location, user's computer, or any combination thereof portal pages to make them interactive. In this invention the 

For example, assuming that the user has been authenticated applets take the form of the portal pages. It should be noted 

and has authorization, the gateway device can present users 55 that the chosen object-oriented programming language 

with a portal page that identifies, among other things, the would require that a compatible web browser be imple- 

online services or other computer networks that are acces- mented to interpret and run the portal page. It is also possible 

sible via the gateway device. In addition, the portal page to implement the portal page using other programming 

presented by the gateway device can provide information languages, such as HTML, SGML and XML; however, these 

regarding the current parameters or settings that will govern 60 languages may not be able to provide all the dynamic 

the access provided to the particular user. As such, the capabilities that languages, such as Java provide, 

gateway administrator can readily alter the parameters or By re -directing the user to the portal page the gateway 

other settings in order to tailor the service according to their administrator or network operator is provided the opportu- 

particular application. Typically, changes in the parameters nity to present the user with updated information pertaining 

or other settings that will potentially utilize additional 65 to the remote location (i.e. the hotel, the airport etc.). By way 

resources of the computer system will come at a cost, such of example the portal page may provide for links to the 

that the gateway administrator will charge the user a higher corporate home page, a travel site on the Internet, an Internet 
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search engine and a network provider home page. 
Additionally, the buttons or any other field within the portal 
page may include other types of information options, such as 
advertising fields or user-specific links or fields based upon 
data found in the user's profile or inputted by the user. 5 

It will be appreciated that the portal page is not limited to 
supplying information related to the user's billing and 
service plans. It is also possible to configure the portal page 
to include information that is customized to the user or the 
location/site from which the user is remotely located. For 10 
example, the user may be located at a hotel for the purpose 
of attending a specific convention or conference either in the 
hotel or within the immediate vicinity of the hotel. The 
gateway device may have "learned" this information about 
the user through an initial log-on profile inquiry or the 15 
gateway administer may have inputted this information into 
a database. 

The gateway device can store user profile information 
within a user-specific AAA database, as described below, or 
it can store and retrieve data from external databases. The 20 
gateway device can be configured to recognize these profiles 
and to customize the portal page accordingly. In the hotel 
scenario, the portal page may include a link for convention 
or conference services offered by the hotel. 

25 

In another example of location specific portal page data, 
the user may be remotely accessing the gateway device 
while located in a specific airport terminal. The gateway 
device will be configured so that it is capable of providing 
ready access to information related to that specific airport 3Q 
terminal, i.e. information pertaining to the current flights 
scheduled to depart and arrive that terminal, the retail 
services offered in that specific terminal, etc. In this manner, 
the portal page may include a link for terminal specific flight 
information and/or terminal specific retail services available 35 
to the user. 

It will also be appreciated that the HPR may be configured 
so a user is redirected to a portal page upon specific default 
occurrences, such as a time out, or according to preset time. 
For example, the portal page may act as a screen-saver, ^ 
where the user is redirected to a portal page after a given 
period of inactivity. These functions may be established by 
the ISP or enterprise network administrator. 

Customization of the information comprising the portal 
page is not limited to the gateway administrator or the 45 
network operator. The user may also be able to customize the 
information that is provided in the portal page. The user 
customization may be accomplished either directly by the 
user configuring the portal page manually or indirectly from 
the gateway device configuring the portal page in response 50 
to data found in the user-specific profile. In the manual 
embodiment the user may be asked to choose which infor- 
mation or type of information they would like supplied in the 
portal page for that specific network session. For instance, 
the user may require an alarm clock counter to insure an 55 
appointment is met or the user may require periodical 
updates of a specific stock quote. The information that a user 
customizes for the portal page may be network session 
specific, may be associated with the duration of a gateway 
subscription or may be stored in a user profile for an so 
indefinite period of time. The gateway device's ability to 
communicate with numerous user databases provides the 
basis for storing user specific profiles for extended periods 
of time. 

As explained above, the portal page presented to the user 65 
can be dependent upon an attribute associated with the user, 
such as the user's identification, the user's location, an 
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address associated with the user's computer, or a combina- 
tion thereof The means in which a user is identified and 
access rights are determined is based upon an 
Authentication, Authorization and Accounting (AAA) 
method implemented by the AAA server, and disclosed in 
U.S. patent application Ser. No. 09/458,602, and filed con- 
currently with this application. 

One function of the AAA server is to identify the user in 
communication with the gateway device in a manner that is 
transparent to the user. That is, the user will not be required 
to reconfigure the computer or otherwise change the home 
network settings, and no additional configuration software 
will have to be added to the computer. According to one 
embodiment of the present invention, after a user is directed 
to a portal page, the AAA server can be accessed to authorize 
and authenticate the user. Therefore, upon accessing the 
network, the user may be forwarded to a generic portal page, 
and after the user may be authenticated, the user can be 
forwarded via HPR and SAT to a specialized portal page, as 
described above. 

After receiving a request for access from a user, forward- 
ing the user to a portal page, and identifying the user or 
location the AAA server then determines the access rights of 
the particular user. In addition to storing whether users have 
valid access rights, the user profile database can also include 
specialized access information particular to a specific loca- 
tion or user, such as the bandwidth of the user's access, or 
a portal page to which a user should be directed. For 
example, a user accessing the network from a penthouse 
may receive a higher access band rate than someone access- 
ing the destination network from a typical hotel room. 
Additionally, a user profile can include historical data relat- 
ing to a user's access to the network, including the amount 
of time a user has accessed the network. Such historical 
information can be used to determine any fees which may be 
charged to the user, or due from the user, for access. 
Specialized access information contained within the user 
profile may be established by the system administrator, or by 
the user who has purchased or otherwise established access 
to the network. For example, where a user is transparently 
accessing the gateway device from a hotel room, the hotel 
network administrator may enter user access information 
into the profile database based upon access rights associated 
with a room in the hotel. This can also be done automatically 
by the gateway device or a local management system, such 
as a hotel property management system, when the user 
checks into his or her room. 

Assuming that a user does not have a subscription for 
access to the network, a login page enables new users to 
subscribe to the computer network so that they may subse- 
quently obtain access to networks or online services trans- 
parently through the gateway device. The user may take 
steps to become authenticated so that the user's information 
may be recorded in the user profile database and the user is 
deemed valid. For example, a user may have to enter into a 
purchase agreement, requiring the user to enter a credit card 
number. If the user needs to purchase access, or if the system 
needs additional information about the user, the user is 
redirected from the portal page via HPR and SAT to a 
location, such as a login page, established to validate new 
users. SAT and HPR can intervene to direct the user to a 
webserver (external or internal) where the user has to login 
and identify themselves. Location-based information and 
authorization, as described in detail in U.S. patent applica- 
tion Ser. No. 60/161,093, incorporated herein by reference, 
can be sent to the portal page as part of this redirection 
process. This enables the portal page to be customized to 
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include customized information, such as locale restaurant 
ads or train schedules. 

Assuming that a user has not been authorized access to the 
network based upon location based identification or user 
input identification, the user must provide the gateway 5 
device with sufficient information to become authorized 
access. Where the user is not authorized access the user is 
forwarded via HPR and SAT from the portal page to a login 
page. The login page enables new users to subscribe to the 
computer network so that they may subsequently obtain 10 
access to networks or online services transparently through 
the gateway device. To direct the users to a login page the 
AAA server calls upon the HPR function. The HPR directs 
the user to the login page, and after the user has entered 
requisite information into the login page, the AAA server 15 
adds the new information to the customer profile database 
and can direct the user to the user's desired destination, such 
as an Internet address or can return the user to a portal page, 
depending upon the design of the system. Thus, new users 
can gain access to networks or online services without being 20 
predefined in the user profile database. 

After receiving the user's login information, the AAA 
server will create a user profile utilizing this information so 
that the user will be able to obtain immediate access to the 
network next time the user logs in without being required to 25 
enter login information again. The AAA server can create a 
profile for the user in a locally stored user profile database, 
or can update the user profile in a database external to the 
gateway device. Regardless of the location of the user 
profile, the next time the user attempts to login the user's 30 
profile will be located in the user profile database, the user's 
access rights determined, and the user allowed transparent 
access to networks or services. 

Many modifications and other embodiments of the inven- 35 
tion will come to mind to one skilled in the art to which this 
invention pertains having the benefit of the teachings pre- 
sented in the foregoing descriptions and the associated 
drawings. Therefore, it is to be understood that the invention 
is not to be limited to the specific embodiments disclosed ^ 
and that modifications and other embodiments are intended 
to be included within the scope of the appended claims. 
Although specific terms are employed herein, they are used 
in a generic and descriptive sense only and not for purposes 
of limitation. 45 

That which is claimed: 

1. A method for redirecting an original destination address 
access request to a redirected destination address, the 
method comprising the steps of: 

receiving, at a gateway device, all original destination 50 

address access requests originating from a computer; 
determining, at the gateway device, which of the original 

destination address requests require redirection; 
storing the original destination address if redirection is 
required; 55 

modifying, at the gateway device, the original destination 
address access request and communicating the modi- 
fied request to a redirection server if redirection is 
required; 

responding, at the redirection server, to the modified 
request with a browser redirect message that reassigns 
the modified request to an administrator-specified, redi- 
rected destination address; 

intercepting, at the gateway device, the browser redirect 65 
message and modifying it with the stored original 
destination address; and 
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sending the modified browser redirect message to the 
computer, which automatically redirects the computer 
to the redirected destination address. 

2. The method of claim 1, further comprising the step of 
directing the computer to the stored original destination 
address after the computer has been automatically redirected 
to the redirected destination address. 

3. The method of claim 2, wherein the step of directing the 
computer to the stored original destination address occurs 
after a predetermined length of time. 

4. The method of claim 2, wherein the step of directing the 
computer to the stored original destination address occurs 
after a predetermined computer input event has occurred. 

5. The method of claim 1, wherein the step of responding, 
at the redirection server, to the modified request with a 
browser redirect message that reassigns the modified request 
to an administrator-specified, redirected destination address 
further comprises responding, at the redirection server, to the 
modified request with a browser redirect message that 
reassigns the modified request to a redirected destination 
address associated with a login page. 

6. A system for redirecting an original destination address 
access request to a redirected destination address, the system 
comprising: 

a computer that initiates original destination address 
requests; 

a gateway device in communication with the computer, 
that receives the original destination address requests 
from the computer, determines if redirection of any of 
the original destination address requests is required, 
stores the original destination address request if redi- 
rection is required and modifies the original destination 
address request if redirection is required, and 

a redirection server in communication with the gateway 
device that receives the modified request from the 
gateway device and responds with a browser redirect 
message that reassigns the request to an administrator- 
specified, redirect destination address, 

wherein the gateway device intercepts the browser redi- 
rect message and modifies the response with the stored 
original destination address before forwarding the 
browser redirect message to the computer and wherein 
the computer receives the modified browser redirect 
message and the computer is automatically redirected 
to the redirect destination address. 

7. The system of claim 6, further comprising a user profile 
database in communication with the gateway device that 
includes stored user-access information. 

8. The system of claim 6, further comprising an 
Authentication, Authorization and Accounting (AAA) 
server in communication with the gateway device and user 
profile database, the AAA server determines if a user of the 
computer is entitled to access the original destination 
address requests based upon the user-access information 
stored within the user profile database. 

9. The system of claim 6, wherein the redirection server 
is located within the gateway device. 

10. The system of claim 7, wherein the user-profile 
database is located within the gateway device. 

11. The system of claim 8, wherein the AAA server is 
located within the gateway device. 

***** 
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